PT-2018-13808 · Gitolite+1

Salvatore Bonaccorso · Published 2018-09-12 · Updated 2024-06-15 · CVE-2018-16976

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Gitolite versions prior to 3.6.9

Description

The issue arises from improper access restriction to a Git repository during migration, potentially allowing valid users to gain unintended access in certain configurations involving @all or a regex.

Recommendations

For versions prior to 3.6.9, update to version 3.6.9 or later to resolve the issue.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2018-16976
MGASA-2018-0434
OPENSUSE-SU-2018_3035-1
OPENSUSE-SU-2024:10789-1

Affected Products

Gitolite
Suse